Tools
Highly inspired by The Bug Hunter’s Methodology by Jason Haddix (@jhaddix).
Seeds/Roots
crt.sh (Certificate Search)
ASN Enumeration
bgp.he.net
Asnlookup
Metabigor
Reverse WHOIS
whoxy.com
DOMLink
Ad/Analytics Relationships
builtwith.com (also available as Firefox addon)
getrelationship.py
Google-Fu
Copyright text
Terms of service text
Privacy policy text
Subs
Linked and JS Discovery
Burp Suite Pro (or ZAP Proxy?)
GoSpider
hakrawler
Subdomainizer
subscraper
Subdomain Scraping
Amass
amass enum ...
Subfinder v2
github-subdomains.py
github-search (unstable -> run multiple times)
shosubgo
Cloud Ranges (scan all AWS, Azure, etc.; check SSL certs for "target")
Subdomain Bruting
Massdns
Amass
amass enum -brute -d twitch.tv -src
aiodnsbrute
shuffleDNS
altdns
HostileSubBruteforcer (GitHub: nahamsec/HostileSubBruteforcer)
Wordlists
all.txt
AssetNote -> commonspeak2
Favicon Analysis
favfreak
Port Analysis
Nmap
masscan (faster than Nmap)
dnmasscan
Brutespray
GitHub Dorking
github-search
Screenshotting
Aquatone
Eyewitness
httpscreenshot
WitnessMe
Subdomain takeover
can-i-take-over-xyz
Nuclei
SubOver
Automation++
interlace
Tools by TomNomNom (e.g. httprobe, meg)
Frameworks
S-Tier
Bunty.offensiveai.com (paid)
Scout (paid)
A-Tier
B-Tier
C-Tier
MISC (to be cleaned up)
WebScarab
Recon-ng
GitRob
OnlineHashCrack.com
idb
Wireshark
Bucket Finder
Race the Web
Google Dorks
JD GUI
Mobile Security Framework
Ysoserial